- Which SDK this is regarding: e.g. auth0-react
- SDK Version: 1.4.0
- Platform Version: Node 15
Hey! I am looking for some advice regarding auth0-react server-side usage. I have a simple nextjs application that interacts with an API provided by node.js AWS Lambda functions. Generally, I’ve seen the
getAccessTokenSilently as an effective way to call an API. However, what’s not quite clear to me is a clear way to validate the JWT token received server-side.
I think what I’m basically looking for is auth0-react’s equivalent to nextjs-auth0’s WithApiAuthRequired. In other words, it’d be really nice to wrap an API route with a JWT validator. Unfortunately, I don’t believe I can use nextjs-auth0 because I also want to support non-browser (CLI) requests, and from my understanding, nextjs-auth0 is entirely session-based.
Another approach would be like how next-auth.js offers jwt.getToken, which verifies and decrypts the JWT token received as a bearer token. I’m not sure if it’s possible to reuse this, perhaps? My initial attempt failed, but I suspect that may have been caused by this opaqueness.
I’ve also seen other approaches like using the
express-jwt library. However, from my understanding, this would not work in a serverless context.
Is there a common approach for this out there? How are others solving this usecase?